MAS outlines data governance for public cloud environment

The recently issued advisory to all financial institutions operating in the country, by the Monetary Authority of Singapore (MAS), outlined a need for a comprehensive view to developing a public cloud risk management strategy.

As the financial services industry adopts digital banking and online services, public clouds are becoming an alternative and efficient way to deliver services to customers online. As such the need to review, analyse, mitigate and recover from online breaches has become the imperative.

Recognising developing trends and the emergence of data hyperscaler platforms including Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure, the advisory highlighted the need for Financial Institutions (FI) to take full responsibility for securing their data, privacy of customer's identifiable information and workloads especially, in the public cloud.

The advisory details the need for financial institutions to perform a comprehensive and future ready risk assessment to ensure a high standard of compliance controls, data governance and mitigation protocols commensurate with the risks posed by public cloud services.

Paradigm shift in thinking

This is truly significant and a proactive shift in thinking from one of the leading central banks in the region. Acknowledging the value of digital banking and financial services, MAS is recognising the increasing importance of not only public clouds but also a multicloud operating environment for the financial services industry in Singapore. And in line with that, has identified a set of guidelines to protect proactively, customer, enterprise and archival data, ensuring high standards of data privacy, handling and access control standards.

Public clouds appeal not only to traditional banks looking to transform their business in this new economy, but to newly-minted digital banks in Singapore, which were issued licenses by the Monetary Authority of Singapore (MAS) earlier this year. Digital banks operate on digital platforms exclusively, and rely on artificial intelligence and big data analysis. Public clouds help to provide more robust real-time updates, speed up account approval times, and improve personalisation for thousands of potential customers.

Data security key to mitigating risks

A key point from the advisory was data security and the handling of data within the banking ecosystem. Advising banks and financial institutions to look at Identity and Access Management (IAM), securing data assets, as well as cyptographic key management for example, MAS specifies common risks associated with the public cloud and provides recommendations for control measures for financial institutions. It is apparent that MAS is working to strengthen cloud security controls and protocols for the industry to limit the risk of compromise and boost global industry and consumer confidence. Another key takeaway from the advisory was the recognition of public clouds and a multicloud environment as operating norms for the financial services industry.

The MAS advisory also highlights the need to review, ensure cloud resilience, manage services outsourcing, vendor lock-in and address risks from cloud services, platform concentration. The objective from MAS is to drive a proactive approach to managing the broad spectrum of risk associated with data cloud services and delivery models.

The MAS is prescient in addressing the risks posed by a public cloud and multicloud operating environment. A Boston Consulting Group report estimated that by 2025, almost 40 percent of data warehouse and analytic workloads and more than 30 percent of core business applications in the financial services industry will be running on public clouds. It is not difficult to imagine how the pandemic has accelerated public cloud adoption, especially as consumer demand for internet banking continued to increase in the wake of the restricted movement and lockdowns.

Challenges remain in implementing data management

However, many institutions globally are still grappling with challenges specific to public cloud including data privacy, security, governance, compliance, and protecting cloud resources. Moreover, with many organisations using a combination of cloud and on-premises solutions, the need to incorporate the remote workforce, incidence of data silos and mass data fragmentation becomes an all too familiar issue.

Financial institutions require an appropriate, relevant data security measures protocol to protect the confidentiality, integrity of sensitive data in the public cloud, while taking into consideration data-at-rest, data-in-motion and data-in-use where applicable. This is exacerbated when financial institutions have to deal with complex data centre infrastructure, manage multicloud environments, deal with fragmented silos for backup and a sprawling application assets. As a result, multiple point-based data management applications only increase attack surfaces for cybercriminals and scale-up the complexities affecting storage performance, efficiency, and costs for financial institutions.

In this rapidly developing data management landscape, financial institutions need solutions that will help them not only address their main data protection-related requirements but also enable them to implement broader infrastructure strategies including automation, analytics, multicloud adoption, and storage consolidation.

A solution to this complex problem is to view data management holistically, and by consolidating all secondary workloads and data services at web-scale. Built as a scale-out platform with a linear pay-as-you-grow scalability and always-on availability, the solution eliminates the need for mass data migrations and 'forklift' upgrades. This enables organisations to maximise space, cost and operational efficiency.

By running multi-cloud data management solution organisations replace multiple data protection silos including media servers, cloud gateways and storage with a single view, converged solution.

This approach eliminates secondary storage silos, consolidating backups, files, objects, test/dev, and analytics data. It enables IT managers to control all secondary data operations with a converged data protection, automate Disaster Recovery and cloud migration, as well as automate DevOps. By creating a single data fabric spanning the edge to the cloud, the solution enables data and application mobility across multicloud environments.

In summary, it is imperative the financial institutions, review solutions that go beyond their core needs of addressing backup and restore challenges but also solutions that cater to managing workloads for analytics, DevOps, secondary storage consolidation, and implementing a cloud-ready environment.

By looking at broader solutions that can do three or four key data management tasks, organisations can not only address core data security and risks mitigation requirements highlighted by the MAS advisory, but also increase the benefits, including operating in a hybrid, multicloud, environment with an end-to-end data management platform for long-term archiving, retention, and analytics strategies.